Nah, that is not true. Look at the history of classic transistors. Every year a prediction, every next year that prediction was blown out of the water.

There are many quantum approaches. Topological is an interesting one, but there are others. And generally speaking the number of working logical qubits needed for a quantum computer to break the pre-image resistance of SHA-256 is in the range of thousands. Plus no shortage of motivation, just think of what cracking 256 gets you.

If later this year some researchers announce they've created a machine with 100 logical q-bits, that'd be a monumental engineering feat but definitely outside the realm of possibility. (It'd be a ChatGPT3 moment.)

And if that happens later this year then bitcoin is effectively dead, since there is little chance the protection can evolve faster than the threat. Bitcoin hasn't agreed upon a single, standardised post-quantum cryptographic algorithm yet, to say nothing of implementation. Too busy arguing about op-return and jpegs. That's how it ends.


Discussion

How many logical bits do we have now in one machine?

That depends on how reliable you want them to be. What you might call "highly reliable", then 12. "Decently reliable", then 24!

The threat to bitcoin's signing keys is Shor's Algorithm, and with a few thousand highly-reliable logical q-bits it's game over for enough keys to cause catastrophic economic failure to the whole network, like a body going into shock.

SHA256 is another thing. That's Grover's algo, and to "crack" SHA there's a silly number of operations, so you have to take those into account alongside q-bits, and it's like the age of the universe. So "crack" is not quite the right word. But to gain a speed edge is a real thing, and that leads to difficulty-manipulation attacks and other things. (Depends on q-bits but also the machine's raw speed.)

Shor's is enough on its own to deal a knockout punch to bitcoin though, if it happens soon enough.
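To put numbers on the Grover point above (operation count matters as much as qubit count, and a mining "speed edge" is a different beast from a full preimage), here is an added back-of-the-envelope estimator; it is not from the original thread. The machine speed, machine count and the mining search size expressed as leading-zero bits are constructed assumptions; the age-of-universe figure is approximate.

```python
import math

AGE_OF_UNIVERSE_YEARS = 1.38e10          # approximate
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def classical_expected_evaluations(search_bits: int) -> float:
    """Expected hash evaluations to brute-force a space of 2^search_bits items."""
    return 2.0 ** search_bits


def grover_iterations(search_bits: int, machines: int = 1) -> float:
    """Grover oracle calls per machine for an unstructured search of N = 2^search_bits.

    One machine needs about (pi/4) * sqrt(N) iterations. Splitting the space over
    k machines gives each a space of N/k, so per-machine work drops only by sqrt(k):
    Grover parallelises far worse than classical search, which splits linearly.
    """
    per_machine_space = 2.0 ** search_bits / machines
    return (math.pi / 4) * math.sqrt(per_machine_space)


def years_to_finish(iterations: float, iterations_per_second: float) -> float:
    """Wall-clock years for a machine doing iterations_per_second Grover steps."""
    return iterations / iterations_per_second / SECONDS_PER_YEAR


def universe_ages(years: float) -> float:
    return years / AGE_OF_UNIVERSE_YEARS


def equivalent_classical_hashrate(search_bits: int, grover_rate: float) -> float:
    """Classical hashes/second a single Grover machine effectively matches on one search."""
    seconds = grover_iterations(search_bits) / grover_rate
    return classical_expected_evaluations(search_bits) / seconds


if __name__ == "__main__":
    rate = 1e9          # constructed: 1e9 Grover iterations/s per machine (very optimistic)
    fleet = 10 ** 6     # constructed: a million such machines
    # Full SHA-256 preimage: 256-bit search space, even with the fleet.
    yrs = years_to_finish(grover_iterations(256, fleet), rate)
    print(f"SHA-256 preimage with {fleet} machines: {universe_ages(yrs):.2e} universe ages")
    # Mining-style search: constructed example of a target with 76 leading zero bits.
    print(f"76-bit mining search: one machine ~ {equivalent_classical_hashrate(76, rate):.2e} H/s")
```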

Won't that always be an issue? Even if we do upgrade the protocol, the old wallet addresses will still be vulnerable.

It's a blood loss issue. If you lose enough blood you go into shock. Same for bitcoin. The old keys will always be vulnerable, but on their own maybe not enough blood loss. But all the not-old keys that are known and can't change in time (keep in mind there's no agreed algo to even change to yet), add them and that's total shock.

Yeah that makes sense, hopefully we don't ossify completely